1 Answer

Once again, do you mean the physical port of a switch or router to which an equipment with this IP is connected, or do you mean something else? Many higher layer protocols atop IP (like UDP, TCP, SCTP) use a sub-address called "port", but if you are interested in this kind of port, the question is a bit upside down as 65535 ports are available at each IP address.

The information about the particular interface of the capturing machine on which a particular packet has been captured is available in the Frame part of the packet dissection. The information about physical port of any external device through which the packet has travelled is not recorded into the packet in any way, so Wireshark can not display it to you.

So if you need to identify the physical port of some switch through which the device with a given IP address is connected, you need to find the mapping between IP address and MAC address, which Wireshark can help you with as all packets coming from that IP will have a MAC address of the device from which they got to your LAN, which is either the device itself or a router if the device is not directly connected to your LAN. Then, you need to connect to management interface of your switch and let it show you through which of its ports it can see that MAC address.

If your switch has no management interface, you're out of luck and you'll have to disconnect cables one by one while pinging the IP.